Register multiple domains to an Okta Active Directory agent

You can register multiple domains to a single Okta Active Directory (AD) agent. However, these domains must be in the same forest and have a trust between them; otherwise, the service account that the agent runs as cannot connect to the other domains to register them.

To add additional domains to the Okta AD agent, ensure that the domains have an external trust and that the domain service account has sufficient privileges in all domains.
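A pre-registration check for the prerequisites above, as an added example that is not part of the Okta documentation. It uses the Microsoft ActiveDirectory PowerShell module; the domain names are constructed placeholders and the function name is hypothetical. Run it as the agent's service account so the Reachable column reflects that account's access.

```powershell
#Requires -Modules ActiveDirectory
# Added example: checks forest membership, trust objects and basic reachability
# for each domain you plan to register. Domain names are constructed placeholders.
param(
    [string]   $AgentDomain       = 'corp.example.com',
    [string[]] $DomainsToRegister = @('emea.corp.example.com', 'apac.corp.example.com')
)

function Test-AgentDomainPrereq {   # hypothetical helper name
    param([string]$AgentDomain, [string[]]$Candidates)

    # Forest of the domain the agent server is joined to
    $forest = Get-ADForest -Server $AgentDomain

    # Trust objects stored in the agent's domain. Domains in the same forest can
    # also trust each other transitively without a direct trust object, so a
    # missing entry here is a prompt to investigate, not proof that no trust exists.
    $trusts = @(Get-ADTrust -Filter * -Server $AgentDomain)

    foreach ($d in $Candidates) {
        $trust = $trusts | Where-Object { $_.Name -eq $d } | Select-Object -First 1

        # Can the identity running this script query the target domain at all?
        # This shows connectivity and read access only, not the full set of
        # privileges the service account may need.
        $reachable = $true
        try   { $null = Get-ADDomain -Server $d -ErrorAction Stop }
        catch { $reachable = $false }

        [pscustomobject]@{
            Domain         = $d
            InAgentForest  = $forest.Domains -contains $d
            DirectTrust    = [bool]$trust
            TrustDirection = if ($trust) { $trust.Direction }   else { $null }
            IntraForest    = if ($trust) { $trust.IntraForest } else { $null }
            Reachable      = $reachable
        }
    }
}

Test-AgentDomainPrereq -AgentDomain $AgentDomain -Candidates $DomainsToRegister |
    Format-Table -AutoSize
```

A domain that shows Reachable as False will fail at the Register step for the same reason, so resolve the trust or account permissions first.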

  1. On the server running the Okta AD agent, select Start > All Programs > Okta > Okta AD Agent > Okta AD Agent Manager.
  2. Select Domains.
  3. In the drop-down, select a domain and then click Register. Alternatively, type the domain name in the field, and then click Register.

A message appears stating that your new domain has been registered and you are prompted to restart the agent.

  4. Optional. Register additional domains.
  5. Restart the Okta AD agent.